On 2014-05-20 18:51, Boris Zbarsky wrote:
> On 5/20/14, 11:03 AM, The Wanderer wrote:
>> If it is properly sandboxed, it should not be able to find out anything
>> about the sandbox (== the host executable) except what the sandbox
>> itself tells it
> A sandboxed process still has full access to its own address space,
> no? It may be restricted in terms of what system calls it can make,
> but within itself it can do whatever it wants.
No, if the CDM process has less privilege than the container then it
will not control the sandbox address space. The container can use memory
protection to return different values when reading versus executing the
sandbox code and can trap calls to the sandbox code to handle them
outside the sandbox.
You have still not proven your claim that the CDM will be robust, and
the FAQ states the fact that no streaming services currently accept it.
There is no basis to believe that services streaming big budget movies
will accept this as robust DRM. Mozilla will be able to use the lack of
acceptance of the CDM to justify a decision to support other CDMs that
have privileged control of users' computers, for all the same excuses.
Keep in mind that the contemporary web does not include DRM technology
and that the open web community reserves the right to add all and any
features to the open web, including to the EME. The open web community
does not recognize or accept the restrictions on their freedom to
innovate that the EME suggests and does not recognize the W3C or Mozilla
as being part of the open web community. All the deceptive propaganda
from the EME proponents and now Mozilla does not change this fact. People
should understand that there is a strong legal precedent for this
position and it will help if open web developers are persecuted. People
need to see that Mozilla are promoting the contrary view that the web
has always included DRM, and that the EME/CDM is the same as a
proprietary plugin using a generic API, and understand that this
propaganda will damage this defense. Once this defense has been defeated
the gates will be open to add more DRM to the web; it is not a one-off
compromise as Mozilla management deceptively claim, it is a one-off
defeat of the contemporary web. We need to stand up for the open web
now, and call out the Mozilla management for what they are doing; they
have no place in the open web community.
> So if the CDM is running directly in the sandbox process address space
> (as opposed to running in some sort of VM) then it can interrogate
> things like the address space layout and compare it to the layout it
> expects.
>> unless there are channels for it to access the host
>> system which bypass the sandbox.
> Inspecting your own address space doesn't require access to the system.
It certainly does require privilege over the system. Obfuscated code
could go some way to frustrating a container and to detecting tampering,
but the sandbox is described as open source code, and what defense does
it have?
Jim
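Boris's point that a native module can inspect its own address space without any system access is easy to demonstrate; the following is an added example, not code from the thread, showing the defensive use Jim alludes to: a routine checksums the machine code of its own functions and so can tell whether its in-memory image has been patched. It assumes a flat address space whose code pages are readable by the process itself (the x86/ARM default); the function names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Two ordinary routines standing in for code the module wants to guard. */
int guarded_add(int a, int b) { return a + b; }
int guarded_mul(int a, int b) { return a * b; }

/* FNV-1a over a byte range; here the range lies in our own text segment. */
static uint64_t fnv1a(const unsigned char *p, size_t n) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Checksum the first n bytes of machine code at fn. The function-pointer to
 * byte-pointer cast assumes (as stated above) a flat address space whose
 * code pages the process may read; no system call is involved. */
uint64_t code_checksum(int (*fn)(int, int), size_t n) {
    const unsigned char *code = (const unsigned char *)(uintptr_t)fn;
    return fnv1a(code, n);
}

#define SAMPLE_BYTES 32

/* Compare guarded_add's current code against a reference checksum taken
 * earlier: returns 1 if the code is unchanged, 0 if it has been altered. */
int self_check(uint64_t reference) {
    return code_checksum(guarded_add, SAMPLE_BYTES) == reference;
}

/* Returns 1 if the two routines are distinguishable by their code bytes,
 * i.e. the read really reflects what the CPU will execute. */
int checksums_differ(void) {
    return code_checksum(guarded_add, SAMPLE_BYTES) !=
           code_checksum(guarded_mul, SAMPLE_BYTES);
}

int main(void) {
    uint64_t ref = code_checksum(guarded_add, SAMPLE_BYTES);
    printf("guarded_add code checksum: %016llx\n", (unsigned long long)ref);
    printf("unchanged: %d, routines distinguishable: %d\n",
           self_check(ref), checksums_differ());
    return 0;
}
```

A container that wanted to defeat this check would have to present different bytes on read than on execute, which is exactly the memory-protection trick Jim describes and which ordinary page tables on x86 do not offer (execute permission implies read there), so it needs VM or hypervisor support.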
_______________________________________________
governance mailing list
governance@lists.mozilla.org
https://lists.mozilla.org/listinfo/governance